ATT&CK

The Monitor > ATT&CK tab can be used to investigate events based on the tactic, technique, and sub-technique assigned by the MITRE ATT&CK framework.

Events are plotted on a timeline. Drill into an individual event to open a tray containing the following:

  • MITRE ATT&CK tactic and technique information, with links to the relevant MITRE ATT&CK knowledge base articles

  • Shortcuts to the Policies or Hosts Alarm Monitor tab with filters for the event’s details applied

  • Basic event information

The page also includes the MITRE ATT&CK Enterprise Matrix, with technique classifications highlighted to match the corresponding events in the timeline.

Hint

Click a technique cell in the matrix to view the violated policies in the Policies tab.

© 2022 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.